Systems Security Certified Practitioner – SSCP – Question0684

Which of the following is a cryptographic protocol and infrastructure developed to send encrypted credit card numbers over the Internet?

A. Secure Electronic Transaction (SET)
B. MONDEX
C. Secure Shell (SSH-2)
D. Secure Hypertext Transfer Protocol (S-HTTP)

Correct Answer: A

Explanation:

SET was developed by a consortium including Visa and MasterCard. Source: Harris, Shon, CISSP All In One Exam Guide, pages 668-669.
Mondex is a smart card electronic cash system owned by MasterCard. SSH-2 is a secure, efficient, and portable version of SSH (Secure Shell) which is a secure replacement for telnet.
Secure HTTP is a secure message-oriented communications protocol designed for use in conjunction with HTTP. It is designed to coexist with HTTP’s messaging model and to be easily integrated with HTTP applications.

Systems Security Certified Practitioner – SSCP – Question0683

Which of the following protocols that provide integrity and authentication for IPSec can also provide non-repudiation in IPSec?

A. Authentication Header (AH)
B. Encapsulating Security Payload (ESP)
C. Secure Sockets Layer (SSL)
D. Secure Shell (SSH-2)

Correct Answer: A

Explanation:

As per the RFC in reference, the Authentication Header (AH) protocol is a mechanism for providing strong integrity and authentication for IP datagrams. It might also provide non-repudiation, depending on which cryptographic algorithm is used and how keying is performed. For example, use of an asymmetric digital signature algorithm, such as RSA, could provide non-repudiation.
from a cryptography point of view, so we will cover it from a VPN point of view here. IPSec is a suite of protocols that was developed to specifically protect IP traffic. IPv4 does not have any integrated security, so IPSec was developed to bolt onto IP and secure the data the protocol transmits. Where PPTP and L2TP work at the data link layer, IPSec works at the network layer of the OSI model. The main protocols that make up the IPSec suite and their basic functionality are as follows:
A. Authentication Header (AH) provides data integrity, data origin authentication, and protection from replay attacks.
B. Encapsulating Security Payload (ESP) provides confidentiality, data-origin authentication, and data integrity.
C. Internet Security Association and Key Management Protocol (ISAKMP) provides a framework for security association creation and key exchange.
D. Internet Key Exchange (IKE) provides authenticated keying material for use with ISAKMP.
The following are incorrect answers:
ESP is a mechanism for providing integrity and confidentiality to IP datagrams. It may also provide authentication, depending on which algorithm and algorithm mode are used. Non-repudiation and protection from traffic analysis are not provided by ESP (RFC 1827).
SSL is a secure protocol used for transmitting private information over the Internet. It works by using a public key to encrypt data that is transferred over the SSL connection (OIG 2007, page 976).
SSH-2 is a secure, efficient, and portable version of SSH (Secure Shell) which is a secure replacement for telnet.
Reference(s) used for this question: Shon Harris, CISSP All In One, 6th Edition, Page 705 and RFC 1826, http://tools.ietf.org/html/rfc1826, paragraph 1.

Systems Security Certified Practitioner – SSCP – Question0682

What are the three most important functions that Digital Signatures perform?

A. Integrity, Confidentiality and Authorization
B. Integrity, Authentication and Nonrepudiation
C. Authorization, Authentication and Nonrepudiation
D. Authorization, Detection and Accountability

Correct Answer: B

Explanation:

Reference: TIPTON, Harold F. & KRAUSE, MICKI, Information Security Management Handbook, 4th Edition, Volume 2.

Systems Security Certified Practitioner – SSCP – Question0681

Compared to RSA, which of the following is true of Elliptic Curve Cryptography (ECC)?

A. It has been mathematically proved to be more secure.
B. It has been mathematically proved to be less secure.
C. It is believed to require longer key for equivalent security.
D. It is believed to require shorter keys for equivalent security.

Correct Answer: D

Explanation:

The following answers are incorrect:
It has been mathematically proved to be less secure. ECC has not been proved to be more or less secure than RSA. Since ECC is newer than RSA, it is considered riskier by some, but that is just a general assessment, not based on mathematical arguments.
It has been mathematically proved to be more secure. ECC has not been proved to be more or less secure than RSA. Since ECC is newer than RSA, it is considered riskier by some, but that is just a general assessment, not based on mathematical arguments.
It is believed to require longer key for equivalent security. On the contrary, it is believed to require shorter keys for security equivalent to that of RSA.
Shon Harris, AIO v5 pg719 states:
“In most cases, the longer the key, the more protection that is provided, but ECC can provide the same level of protection with a key size that is shorter than what RSA requires”
The following reference(s) were/was used to create this question: ISC2 OIG, 2007 p. 258; Shon Harris, AIO v5 pg719

Systems Security Certified Practitioner – SSCP – Question0680

Which of the following identifies the encryption algorithm selected by NIST for the new Advanced Encryption Standard?

A. Twofish
B. Serpent
C. RC6
D. Rijndael

Correct Answer: D

Explanation:

The Answer: Rijndael. Rijndael is the newly approved method of encrypting sensitive but unclassified information for the U.S. government. It has also been accepted and is widely used in the public arena. It has low memory requirements and has been constructed to easily defend against timing attacks.
The following answers are incorrect: Twofish. Twofish was among the final candidates chosen for AES, but was not selected.
Serpent. Serpent was among the final candidates chosen for AES, but was not selected. RC6. RC6 was among the final candidates chosen for AES, but was not selected.
The following reference(s) were/was used to create this question:
ISC2 OIG, 2007 p. 622, 629-630; Shon Harris AIO, v.3 p 247-250

Systems Security Certified Practitioner – SSCP – Question0679

A public key algorithm that does both encryption and digital signature is which of the following?

A. RSA
B. DES
C. IDEA
D. Diffie-Hellman

Correct Answer: A

Explanation:

RSA can be used for encryption, key exchange, and digital signatures.
Key Exchange versus Key Agreement
KEY EXCHANGE
Key exchange (also known as “key establishment”) is any method in cryptography by which cryptographic keys are exchanged between users, allowing use of a cryptographic algorithm.
If sender and receiver wish to exchange encrypted messages, each must be equipped to encrypt messages to be sent and decrypt messages received. The nature of the equipping they require depends on the encryption technique they might use. If they use a code, both will require a copy of the same codebook. If they use a cipher, they will need appropriate keys. If the cipher is a symmetric key cipher, both will need a copy of the same key. If an asymmetric key cipher with the public/private key property, both will need the other’s public key.
KEY AGREEMENT
Diffie-Hellman is a key agreement algorithm used by two parties to agree on a shared secret. The Diffie-Hellman (DH) key agreement algorithm describes a means for two parties to agree upon a shared secret over a public network in such a way that the secret will be unavailable to eavesdroppers. The DH algorithm converts the shared secret into an arbitrary amount of keying material. The resulting keying material is used as a symmetric encryption key.
The other answers are not correct because: DES and IDEA are both symmetric algorithms. Diffie-Hellman is a common asymmetric algorithm, but is used only for key agreement. It is not typically used for data encryption and does not have digital signature capability.
References: http://tools.ietf.org/html/rfc2631 For Diffie-Hellman information: http://www.netip.com/articles/keith/diffie-helman.htm
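As an added illustration of the key agreement described above (not code from the question's sources), the following Go program runs a Diffie-Hellman exchange over the X25519 curve from Go's standard crypto/ecdh package and then converts the shared secret into keying material, as the explanation says DH does. The names AgreementResult, Agree, ExpandKeyingMaterial and KeysMatch are my own, the "demo session key" label is a constructed value, and the counter-mode SHA-256 expansion is a stand-in for the HKDF-style derivation a real protocol would use.

```go
package main

import (
	"bytes"
	"crypto/ecdh"
	"crypto/rand"
	"crypto/sha256"
	"encoding/binary"
	"encoding/hex"
	"fmt"
)

// AgreementResult holds what each side ends up with. Only AlicePublic and
// BobPublic are sent over the network; the private scalars never leave
// their owners.
type AgreementResult struct {
	AlicePublic, BobPublic []byte
	AliceKey, BobKey       []byte
}

// sharedSecret is the Diffie-Hellman step itself: my private key combined
// with the peer's public value. Both parties obtain the same 32 bytes.
func sharedSecret(priv *ecdh.PrivateKey, peerPublic []byte) ([]byte, error) {
	peer, err := ecdh.X25519().NewPublicKey(peerPublic)
	if err != nil {
		return nil, err
	}
	return priv.ECDH(peer)
}

// ExpandKeyingMaterial converts the raw shared secret into n bytes of keying
// material with a counter-mode SHA-256 construction. This is a deliberate
// simplification of the HKDF-style expansion real protocols use, chosen to
// stay within the standard library.
func ExpandKeyingMaterial(secret []byte, label string, n int) []byte {
	var out []byte
	for counter := uint32(1); len(out) < n; counter++ {
		h := sha256.New()
		h.Write(secret)
		h.Write([]byte(label))
		binary.Write(h, binary.BigEndian, counter)
		out = h.Sum(out) // append this 32-byte block to the output
	}
	return out[:n]
}

// Agree runs one complete X25519 exchange and derives keyBytes bytes of
// symmetric key on each side.
func Agree(keyBytes int) (*AgreementResult, error) {
	curve := ecdh.X25519()
	alicePriv, err := curve.GenerateKey(rand.Reader)
	if err != nil {
		return nil, err
	}
	bobPriv, err := curve.GenerateKey(rand.Reader)
	if err != nil {
		return nil, err
	}
	res := &AgreementResult{
		AlicePublic: alicePriv.PublicKey().Bytes(),
		BobPublic:   bobPriv.PublicKey().Bytes(),
	}
	// Each side combines its own private key with the value it received.
	aliceSecret, err := sharedSecret(alicePriv, res.BobPublic)
	if err != nil {
		return nil, err
	}
	bobSecret, err := sharedSecret(bobPriv, res.AlicePublic)
	if err != nil {
		return nil, err
	}
	res.AliceKey = ExpandKeyingMaterial(aliceSecret, "demo session key", keyBytes)
	res.BobKey = ExpandKeyingMaterial(bobSecret, "demo session key", keyBytes)
	return res, nil
}

// KeysMatch is the property the whole exchange exists to deliver: both
// parties hold identical keying material without ever transmitting it.
func KeysMatch(r *AgreementResult) bool {
	return bytes.Equal(r.AliceKey, r.BobKey)
}

func main() {
	r, err := Agree(32)
	if err != nil {
		panic(err)
	}
	fmt.Println("alice public value:", hex.EncodeToString(r.AlicePublic))
	fmt.Println("bob public value:  ", hex.EncodeToString(r.BobPublic))
	fmt.Println("derived keys match:", KeysMatch(r))
}
```

The two public values are the only things an eavesdropper sees; the label passed to ExpandKeyingMaterial is how one shared secret yields separate keys for separate purposes, which is what the explanation means by "an arbitrary amount of keying material".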

Systems Security Certified Practitioner – SSCP – Question0678

PGP uses which of the following to encrypt data?

A. An asymmetric encryption algorithm
B. A symmetric encryption algorithm
C. A symmetric key distribution system
D. An X.509 digital certificate

Correct Answer: B

Explanation:

Notice that the question specifically asks what PGP uses to encrypt the data. For this, PGP uses a symmetric key algorithm. PGP then uses an asymmetric key algorithm to encrypt the session key and send it securely to the receiver. It is a hybrid system in which both types of ciphers are used for different purposes.
Whenever a question talks about the bulk of the data to be sent, a symmetric cipher is always the best choice because of the inherent speed of symmetric ciphers. Asymmetric ciphers are 100 to 1000 times slower than symmetric ciphers.
The other answers are not correct because:
“An asymmetric encryption algorithm” is incorrect because PGP uses a symmetric algorithm to encrypt data.
“A symmetric key distribution system” is incorrect because PGP uses an asymmetric algorithm for the distribution of the session keys used for the bulk of the data.
“An X.509 digital certificate” is incorrect because PGP does not use X.509 digital certificates to encrypt the data, it uses a session key to encrypt the data.
References: Official ISC2 Guide page: 275; All in One Third Edition page: 664-665

Systems Security Certified Practitioner – SSCP – Question0677

The Data Encryption Standard (DES) encryption algorithm has which of the following characteristics?

A. 64 bits of data input results in 56 bits of encrypted output
B. 128 bit key with 8 bits used for parity
C. 64 bit blocks with a 64 bit total key length
D. 56 bits of data input results in 56 bits of encrypted output

Correct Answer: C

Explanation:

DES works with 64 bit blocks of text using a 64 bit key (with 8 bits used for parity, so the effective key length is 56 bits).
Some people are getting the Key Size and the Block Size mixed up. The block size is usually a specific length. For example DES uses block size of 64 bits which results in 64 bits of encrypted data for each block. AES uses a block size of 128 bits, the block size on AES can only be 128 as per the published standard FIPS-197.
A DES key consists of 64 binary digits (“0”s or “1”s) of which 56 bits are randomly generated and used directly by the algorithm. The other 8 bits, which are not used by the algorithm, may be used for error detection. The 8 error detecting bits are set to make the parity of each 8-bit byte of the key odd, i.e., there is an odd number of “1”s in each 8-bit byte. Authorized users of encrypted computer data must have the key that was used to encipher the data in order to decrypt it.
IN CONTRAST WITH AES
The input and output for the AES algorithm each consist of sequences of 128 bits (digits with values of 0 or 1). These sequences will sometimes be referred to as blocks and the number of bits they contain will be referred to as their length. The Cipher Key for the AES algorithm is a sequence of 128, 192 or 256 bits. Other input, output and Cipher Key lengths are not permitted by this standard.
The Advanced Encryption Standard (AES) specifies the Rijndael algorithm, a symmetric block cipher that can process data blocks of 128 bits, using cipher keys with lengths of 128, 192, and 256 bits. Rijndael was designed to handle additional block sizes and key lengths, however they are not adopted in the AES standard.
The AES algorithm may be used with the three different key lengths indicated above, and therefore these different “flavors” may be referred to as “AES-128”, “AES-192”, and “AES-256”.
The other answers are not correct because: “64 bits of data input results in 56 bits of encrypted output” is incorrect because while DES does work with 64 bit block input, it results in 64 bit blocks of encrypted output.
“128 bit key with 8 bits used for parity” is incorrect because DES does not ever use a 128 bit key.
“56 bits of data input results in 56 bits of encrypted output” is incorrect because DES always works with 64 bit blocks of input/ output, not 56 bits.
Reference(s) used for this question: Official ISC2 Guide to the CISSP CBK, Second Edition, page: 336-343; http://csrc.nist.gov/publications/fips/fips197/fips-197.pdf; http://csrc.nist.gov/publications/fips/fips46-3/fips46-3.pdf
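The key-size and block-size facts above, as an added Go example (not code from FIPS 46-3, FIPS 197 or the question's sources) built on Go's standard crypto/des and crypto/aes packages: it sets the odd-parity bits of a 64-bit DES key, runs one 64-bit block through DES, shows that flipping the 8 parity bits leaves the ciphertext unchanged (the reason the effective key is 56 bits), and checks which AES key lengths are accepted and that the AES block is always 128 bits. The names SetOddParity, HasOddParity, EncryptBlock, ParityBitsIgnored and AESBlockBits are my own, and the sample key and plaintext block are constructed values.

```go
package main

import (
	"crypto/aes"
	"crypto/des"
	"fmt"
	"math/bits"
)

// SetOddParity returns key with the low bit of every byte adjusted so that
// each byte contains an odd number of 1s, the convention FIPS 46-3 gives for
// the 8 error-detecting bits. The 56 high-order bits are left untouched.
func SetOddParity(key [8]byte) [8]byte {
	for i, b := range key {
		if bits.OnesCount8(b)%2 == 0 {
			key[i] = b ^ 0x01
		}
	}
	return key
}

// HasOddParity reports whether every byte of key has odd parity.
func HasOddParity(key [8]byte) bool {
	for _, b := range key {
		if bits.OnesCount8(b)%2 == 0 {
			return false
		}
	}
	return true
}

// EncryptBlock runs a single DES block operation: 64 bits in, 64 bits out.
func EncryptBlock(key, block [8]byte) ([8]byte, error) {
	var out [8]byte
	c, err := des.NewCipher(key[:])
	if err != nil {
		return out, err
	}
	c.Encrypt(out[:], block[:])
	return out, nil
}

// ParityBitsIgnored flips the parity bit of every key byte and checks that
// the ciphertext does not change: those 8 bits are discarded by the key
// schedule, which is why the effective key length is 56 bits.
func ParityBitsIgnored(key, block [8]byte) (bool, error) {
	flipped := key
	for i := range flipped {
		flipped[i] ^= 0x01
	}
	a, err := EncryptBlock(key, block)
	if err != nil {
		return false, err
	}
	b, err := EncryptBlock(flipped, block)
	if err != nil {
		return false, err
	}
	return a == b, nil
}

// AESBlockBits reports the block size AES uses for a key of keyLen bytes.
// Only 16, 24 and 32 bytes (AES-128/192/256) are accepted, and the block is
// always 128 bits whatever the key length.
func AESBlockBits(keyLen int) (int, error) {
	c, err := aes.NewCipher(make([]byte, keyLen))
	if err != nil {
		return 0, err
	}
	return c.BlockSize() * 8, nil
}

func main() {
	raw := [8]byte{0x13, 0x34, 0x57, 0x79, 0x9B, 0xBC, 0xDF, 0xF0}   // constructed key bits
	block := [8]byte{0x01, 0x23, 0x45, 0x67, 0x89, 0xAB, 0xCD, 0xEF} // constructed plaintext block
	key := SetOddParity(raw)
	ct, err := EncryptBlock(key, block)
	if err != nil {
		panic(err)
	}
	ignored, _ := ParityBitsIgnored(key, block)
	fmt.Printf("key %x, odd parity: %v\n", key, HasOddParity(key))
	fmt.Printf("64-bit block in %x -> 64-bit block out %x\n", block, ct)
	fmt.Printf("parity bits ignored by DES: %v\n", ignored)
	for _, n := range []int{16, 20, 24, 32} {
		if b, err := AESBlockBits(n); err != nil {
			fmt.Printf("AES key of %d bytes rejected: %v\n", n, err)
		} else {
			fmt.Printf("AES key of %d bytes: block size %d bits\n", n, b)
		}
	}
}
```

Running it shows the point the explanation makes about people mixing up key size and block size: the DES key is 64 bits on the wire but only 56 of them reach the cipher, while AES changes its key length across the three "flavors" without ever changing its 128-bit block.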

Systems Security Certified Practitioner – SSCP – Question0676

Brute force attacks against encryption keys have increased in potency because of increased computing power. Which of the following is often considered a good protection against the brute force cryptography attack?

A. The use of good key generators.
B. The use of session keys.
C. Nothing can defend you against a brute force crypto key attack.
D. Algorithms that are immune to brute force key attacks.

Correct Answer: B

Explanation:

If we assume a cryptosystem with a large key (and therefore a large key space), a brute force attack will likely take a good deal of time, anywhere from several hours to several years depending on a number of variables. If you use a session key for each message you encrypt, then the brute force attack provides the attacker with only the key for that one message. So, if you are encrypting 10 messages a day, each with a different session key, but it takes me a month to break each session key, then I am fighting a losing battle.
The other answers are not correct because: “The use of good key generators” is not correct because a brute force key attack will eventually run through all possible combinations of key. Therefore, any key will eventually be broken in this manner given enough time.
“Nothing can defend you against a brute force crypto key attack” is incorrect, and not the best answer listed. While it is technically true that any key will eventually be broken by a brute force attack, the question remains “how long will it take?”. In other words, if you encrypt something today but I can’t read it for 10,000 years, will you still care? If the key is changed every session does it matter if it can be broken after the session has ended? Of the answers listed here, session keys are “often considered a good protection against the brute force cryptography attack” as the question asks.
“Algorithms that are immune to brute force key attacks” is incorrect because there currently are no such algorithms.
References: Official ISC2 Guide page: 259 All in One Third Edition page: 623

Systems Security Certified Practitioner – SSCP – Question0675

Which of the following issues is not addressed by digital signatures?

A. nonrepudiation
B. authentication
C. data integrity
D. denial-of-service

Correct Answer: D

Explanation:

A digital signature directly addresses both confidentiality and integrity of the CIA triad. It does not directly address availability, which is what denial-of-service attacks target.
The other answers are not correct because:
“nonrepudiation” is not correct because a digital signature can provide for nonrepudiation.
“authentication” is not correct because a digital signature can be used as an authentication mechanism.
“data integrity” is not correct because a digital signature does verify data integrity (as part of nonrepudiation).
References: Official ISC2 Guide page: 227 & 265; All in One Third Edition page: 648